ZAP Scanning Report

This ZAP scanning report summarizes the results of a vulnerability scan on the site http://www.hipertexto.info. It found a total of 9 alerts, including 1 high risk alert for PII disclosure, 3 medium risk alerts for issues like missing security headers, and 5 low risk alerts. The report provides a breakdown of alerts by risk level, site affected, and type of issue detected.

Uploaded by

SNEYDER

11/26/22, 4:30 PM ZAP Scanning Report

ZAP Scanning Report


Generated with ZAP
on Sat 26 Nov 2022, at 16:19:09

Contents
About this report

Report parameters

Summaries

Alert counts by risk and confidence

Alert counts by site and risk

Alert counts by alert type

Alerts

Risk=High, Confidence=High (1)

Risk=Medium, Confidence=High (1)

Risk=Medium, Confidence=Medium (1)

Risk=Medium, Confidence=Low (1)

Risk=Low, Confidence=Medium (2)

Risk=Low, Confidence=Low (1)

Risk=Informational, Confidence=Medium (1)

file:///C:/Users/erojas/2022-11-26-ZAP-Report-.html#alert-type-1 1/11

Risk=Informational, Confidence=Low (1)

Appendix

Alert types

About this report


Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

http://www.hipertexto.info

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its
data to be included in the report.

Risk levels

Included:
High, Medium, Low, Informational

Excluded:
None

Confidence levels

Included:
User Confirmed, High, Medium, Low

Excluded:
User Confirmed, High, Medium, Low, False Positive


Summaries
Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence
included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)

Risk \ Confidence   User Confirmed   High         Medium       Low          Total
High                0 (0.0%)         1 (11.1%)    0 (0.0%)     0 (0.0%)     1 (11.1%)
Medium              0 (0.0%)         1 (11.1%)    1 (11.1%)    1 (11.1%)    3 (33.3%)
Low                 0 (0.0%)         0 (0.0%)     2 (22.2%)    1 (11.1%)    3 (33.3%)
Informational       0 (0.0%)         0 (0.0%)     1 (11.1%)    1 (11.1%)    2 (22.2%)
Total               0 (0.0%)         2 (22.2%)    4 (44.4%)    3 (33.3%)    9 (100%)

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the
number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these
counts.


(The numbers in brackets are the number of alerts raised for the site at or above
that risk level.)

Site \ Risk                   High (= High)   Medium (>= Medium)   Low (>= Low)   Informational (>= Informational)
http://www.hipertexto.info    1 (1)           3 (4)                3 (7)          2 (9)

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert
type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)

Alert type                                                                   Risk            Count
PII Disclosure                                                               High            3 (33.3%)
Absence of Anti-CSRF Tokens                                                  Medium          3 (33.3%)
Content Security Policy (CSP) Header Not Set                                 Medium          433 (4,811.1%)
Missing Anti-clickjacking Header                                             Medium          182 (2,022.2%)
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)    Low             1856 (20,622.2%)
Timestamp Disclosure - Unix                                                  Low             2 (22.2%)
X-Content-Type-Options Header Missing                                        Low             1856 (20,622.2%)
Information Disclosure - Suspicious Comments                                 Informational   1 (11.1%)
Modern Web Application                                                       Informational   176 (1,955.6%)
Total                                                                                        9

Alerts
Risk=High, Confidence=High (1)

http://www.hipertexto.info (1)

PII Disclosure (1)

GET http://www.hipertexto.info/desglobaliza/globalizacion.pdf

Risk=Medium, Confidence=High (1)

http://www.hipertexto.info (1)

Content Security Policy (CSP) Header Not Set (1)

GET http://www.hipertexto.info/documentos/internet_tegn.htm


Risk=Medium, Confidence=Medium (1)

http://www.hipertexto.info (1)

Missing Anti-clickjacking Header (1)

GET http://www.hipertexto.info/documentos/internet_tegn.htm

Risk=Medium, Confidence=Low (1)

http://www.hipertexto.info (1)

Absence of Anti-CSRF Tokens (1)

GET http://www.hipertexto.info/Buscador/buscador.htm

Risk=Low, Confidence=Medium (2)

http://www.hipertexto.info (2)

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (1)

GET http://www.hipertexto.info/documentos/internet_tegn.htm

X-Content-Type-Options Header Missing (1)

GET http://www.hipertexto.info/documentos/internet_tegn.htm

Risk=Low, Confidence=Low (1)

http://www.hipertexto.info (1)


Timestamp Disclosure - Unix (1)

GET http://www.hipertexto.info/documentos/localiz.htm

Risk=Informational, Confidence=Medium (1)

http://www.hipertexto.info (1)

Modern Web Application (1)

GET http://www.hipertexto.info/documentos/internet_tegn.htm

Risk=Informational, Confidence=Low (1)

http://www.hipertexto.info (1)

Information Disclosure - Suspicious Comments (1)

GET http://www.hipertexto.info/Buscador/buscador.htm

Appendix
Alert types

This section contains additional information on the types of alerts in the report.

PII Disclosure

Source raised by a passive scanner (PII Disclosure)

CWE ID 359

WASC ID 13

Absence of Anti-CSRF Tokens

Source raised by a passive scanner (Absence of Anti-CSRF Tokens)

CWE ID 352

WASC ID 9

Reference http://projects.webappsec.org/Cross-Site-Request-Forgery

http://cwe.mitre.org/data/definitions/352.html

Content Security Policy (CSP) Header Not Set

Source raised by a passive scanner (Content Security Policy (CSP) Header Not Set)

CWE ID 693

WASC ID 15

Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy

https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

http://www.w3.org/TR/CSP/

http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html

http://www.html5rocks.com/en/tutorials/security/content-security-policy/

http://caniuse.com/#feat=contentsecuritypolicy

http://content-security-policy.com/

Missing Anti-clickjacking Header

Source raised by a passive scanner (Anti-clickjacking Header)

CWE ID 1021

WASC ID 15

Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Source raised by a passive scanner (Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s))

CWE ID 200

WASC ID 13

Reference http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx

http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

Timestamp Disclosure - Unix

Source raised by a passive scanner (Timestamp Disclosure)

CWE ID 200

WASC ID 13

Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage

X-Content-Type-Options Header Missing

Source raised by a passive scanner (X-Content-Type-Options Header Missing)

CWE ID 693

WASC ID 15

Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx

https://owasp.org/www-community/Security_Headers

Information Disclosure - Suspicious Comments

Source raised by a passive scanner (Information Disclosure - Suspicious Comments)

CWE ID 200

WASC ID 13

Modern Web Application

Source raised by a passive scanner (Modern Web Application)
